Activities of "smry"
Ideally it would work such that if timeout time expires, tokens deleted on browser and the screen display is just an unlock modal I have not reviewed what the Session Lock code does but functionally it looks like it logs you off so the session is never "locked", its just a blanket log out with a screen implying that you are locked
I've attached an image of what I am trying to describe - basically an overlay so that your modals/pages remain in place since a full page route removes any pending work you were potentially in the middle of
On first entry into a page that has Tabs the application adds extra spacing I tracked this down on my application and noticed 3 classes get added on the first time you open a page with tabs - card-header, card-header-tabs-line, and nav-tabs-line
I checked the application and found these are actually added on ngAfterViewChecked on the CustomizableDashboardComponent
ngAfterViewChecked(): void {
setTimeout(() => {
let navTabs = window.document.querySelector('.nav.nav-tabs');
if (!navTabs) {
return;
}
navTabs.classList.add('card-header');
navTabs.classList.add('card-header-tabs-line');
navTabs.classList.add('nav-tabs-line');
}, 1000);
}
You can modify the classes there and see that it does translate to any Tabbed page in the application on first load of said page but is gone on second page load
Because this also happens on the https://aspnetzero.com/Demo site I skipped the prerequisite questions as its an issue with the current live version of the application
- What is your product version? 9.1.0
- What is your product type (Angular or MVC)? Angular
- What is product framework type (.net framework or .net core)? .NET Core
We do not have a way of replicating event to get the application into a failed state, but currently the application access all methods except one
The errors we get are listed below:
pNetCore.Cors.Infrastructure.CorsService - Request origin https://tenant1.mysite.com:12345 does not have permission to access the resource.
Mvc.Authorization.AbpAuthorizationFilter - Abp.Authorization.AbpAuthorizationException: Current user did not login to the application!
at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(IEnumerable`1 authorizeAttributes)
at Abp.Authorization.AuthorizationHelper.CheckPermissionsAsync(MethodInfo methodInfo, Type type)
at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(MethodInfo methodInfo, Type type)
at Abp.AspNetCore.Mvc.Authorization.AbpAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
Abp.Authorization.AbpAuthorizationException: Current user did not login to the application!
at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(IEnumerable`1 authorizeAttributes)
at Abp.Authorization.AuthorizationHelper.CheckPermissionsAsync(MethodInfo methodInfo, Type type)
at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(MethodInfo methodInfo, Type type)
What do we have to do to reset all connections? I found and cleared the AbpUserTokens table and based on comments from https://github.com/aspnetzero/aspnet-zero-core/issues/3368 - since it sounds like Tokens are cleared out after they expire anyway.
If I wanted to clear out all cache from the application, what tables and actions should we take?
- What is your product version? 9.0.1
- What is your product type (Angular or MVC)? Angular
- What is product framework type (.net framework or .net core)? .NET Core
We logged into a specific tenant with swaggerUI and we noticed we were able to access certain information from (TenantId) from another tenant knowing the tenants name For the specific example we found it was the very first method: /api/services/app/Account/IsTenantAvailable, using a known tenant the API was able to return state, TenantId, and server address
We were also able to query how many tenants were active on specific editions so a user could gain access to internal information
Has there been an audit conducted to identify how many tenant-to-tenant identifiable information concerns there may be? I was able to see penetration testing on the FAQ section, but that was geared more towards external/server access and not to items like tenant metadata being exposed
We have our site on mysite.com/www.mysite.com As of now, we added A records such that mysite.com goes to a wordpress site and * goes to ASPNETZero site
I am trying to setup a connection workflow so that non-tenant links redirect to wordpress instead of host Also, I need to leave open a subdomain "portal" for admins to access, Im assuming through a specific subdomain since we're restricting access to all 'failed' subdomains
I believe this is a table that explains the cases: | URL | outcome | current status | | --- | --- | --- | | mysite.com | wordpress site | working | | client.mysite.com | tenant site | working | | admin.mysite.com | Host site, IP restricted | 'works', but needs IP restrictions | | [noTenant].mysite.com | redirect to wordpress site | not working |
Looking in the API I see that the WebUrlServiceBase.cs seems to be where some of this takes place Unfortunately I am unable to debug in local and the routes only seem active in live
I found this in github which only is a local not external redirect on fail: https://github.com/aspnetboilerplate/aspnetboilerplate/issues/3958
Also, I think a possible solution would be in RedirectToExternalLoginPageAsync or something within the AccountController all together where I would test if tenant exists, if not go to mysite.com. I couldn't find specific information on rerouting within the application.
I was wondering if you had suggestions on what my approach could be?
We came across it in ApiUrlConfig and couldn't identify what that value does exactly
private const string DefaultHostUrl = "http://localhost:22742/"; //TODO: Replace with PROD url.
I tried looking for tickets referencing it and they seem to suggest that it is used in Xamarin development
We have never changed that value and the project seems to work fine in development and in PROD environments
We are using 8.3.1 Angular/.NETCore application
I found these threads outlining our issues when connecting with a VPN to our sites but I am unable to understand what can be done to correct the issue
3 years ago: https://support.aspnetzero.com/QA/Questions/3669 4 years ago: https://support.aspnetzero.com/QA/Questions/701
I am using Angular/.NET Core build 8.3.1
The UI seems to load but no connection is made in an attempt to access the API - just as mentioned in those previous tickets
What needs to be done on our end to ensure our VPN clients are able to use the software?
I am hosting my Angular/.NETCore 8.3.1 application through an Azure Windows VM hosting the API and WebUI with IIS and attempting to use SSL/HTTPS (port 44301 or any other) and causes application to not respond It would seem that the UI is able to hit the vm-site files (HTTP port 80) but fails to ever attempt to access the API files
Within the VM I can see that using a browser I can hit the API and it does load up (based on system and API logs)
Whenever the WebUI attempts to reach the API it fails to even make the attempt to hit the API (based on server log and API log inactivity)
There was a case during troubleshooting that I can see that the WebUI would attempt to hit the API and it would get rejected due to CORS
Is there any documentation that walks through standing up the site with a wildcard SSL and getting the application to run on HTTPS
this line fails:
var payments = await query.OrderBy(input.Sorting).PageBy(input).ToListAsync();
Error on query:
Session.TenantId is null! Possible problems: No user logged in or current logged in user in a host user (TenantId is always null for host users).
We usually use Theme 12 and I just migrated from v.8.0.0 up to 8.1 When I did that, the API worked but the UI was essentially missing CSS
At first I thought it was a deployment issue until I rebuilt everything with default theme and found that the entire application and tenants seem to lose CSS when Theme 12 is selected
Can you verify if there is an issue with Theme12 implimentation on v.8.1.0?